Keywhiz vs Puppet Labs: What are the differences?
Developers describe Keywhiz as "A system for distributing and managing secrets". Keywhiz is a secret management and distribution service that is now available for everyone. Keywhiz helps us with infrastructure secrets, including TLS certificates and keys, GPG keyrings, symmetric keys, database credentials, API tokens, and SSH keys for external services — and even some non-secrets like TLS trust stores. Automation with Keywhiz allows us to seamlessly distribute and generate the necessary secrets for our services, which provides a consistent and secure environment, and ultimately helps us ship faster. On the other hand, Puppet Labs is detailed as "Server automation framework and application". Puppet is an automated administrative engine for your Linux, Unix, and Windows systems and performs administrative tasks (such as adding users, installing packages, and updating server configurations) based on a centralized specification.
Keywhiz and Puppet Labs are primarily classified as "Secrets Management" and "Server Configuration and Automation" tools respectively.
Some of the features offered by Keywhiz are:
- Keywhiz Server provides JSON APIs for accessing and managing secrets. It is written in Java and based on Dropwizard.
- KeywhizFs is a FUSE-based file system, providing secrets as if they are files in a directory. Transparently, secrets are retrieved from a Keywhiz Server using mTLS with a client certificate.
- Presenting secrets as files makes Keywhiz compatible with nearly all software. Outside of Keywhiz administration, consumers of secrets only have to know how to read a file.
On the other hand, Puppet Labs provides the following key features:
- Insight: Puppet Enterprise's event inspector gives immediate and actionable insight into your environment, showing you what changed, where and how by classes, nodes and resources.
- Discovery: Puppet Enterprise delivers a dynamic and fully-pluggable discovery service that allows you to take advantage of any data source or real-time query results to quickly locate, identify and group cloud nodes.
- Provisioning: Automatically provision and configure bare metal, virtual, and private or public cloud capacity, all from a single pane. Save time getting your cloud projects off the ground by reusing the same configuration modules you set up for your physical deployments.
Keywhiz and Puppet Labs are both open source tools. Puppet Labs with 5.37K GitHub stars and 2.1K forks on GitHub appears to be more popular than Keywhiz with 2.09K GitHub stars and 166 GitHub forks.
By 2014, the DevOps team at Lyft decided to port their infrastructure code from Puppet to Salt. At that point, the Puppet code base included around “10,000 lines of spaghetti-code,” which was unfamiliar and challenging to the relatively new members of the DevOps team.
“The DevOps team felt that the Puppet infrastructure was too difficult to pick up quickly and would be impossible to introduce to [their] developers as the tool they’d use to manage their own services.”
To determine a path forward, the team assessed both Ansible and Salt, exploring four key areas: simplicity/ease of use, maturity, performance, and community.
They found that “Salt’s execution and state module support is more mature than Ansible’s, overall,” and that “Salt was faster than Ansible for state/playbook runs.” And while both have high levels of community support, Salt exceeded expectations in terms of friendliness and responsiveness to opened issues.
Since #ATComputing is a vendor-independent Linux and open source specialist, we do not have a favorite Linux distribution. We mainly use Ubuntu, CentOS, Debian, Red Hat Enterprise Linux and Fedora during our daily work. These are also the distributions we see most often used in our customers' environments.
For our #ci/cd training, we use an open source pipeline that is built around Visual Studio Code, Jenkins, VirtualBox, GitHub, Docker, Kubernetes and Google Compute Engine.
For #ServerConfigurationAndAutomation, we have embraced and contributed to Ansible mainly because it is not only flexible and powerful, but also straightforward and easier to learn than some other (open source) solutions. On the other hand, we are not afraid of Puppet Labs and Chef either.
Currently, our most popular #programming #Language course is Python. The reason Python is so popular has to do with its versatility, but also with its low complexity. This helps sysadmins to write scripts or simple programs to make their job less repetitive and automating things more fun. Python is also widely used to communicate with (REST) APIs and for data analysis.
I'm using puppet to configure my servers. This makes it really simple to ensure that I have the same environment. There is a bit of a learning curve, but the repeatability definitely makes it worth the effort. I found puppet to be a little easier to pick up relative to chef, but I've used both. They're both great solutions.
I really like that there are a lot of modules available on the puppet forge that are being actively maintained.
We provision all servers with puppet. We have one central Puppet server which uses puppet modules referenced by a Puppetfile. Those puppet modules are partly from forge and partly self written.
All modules which are self written have to be tested using rspec-puppet and beaker.
Opstax uses puppet for role/profile based configuration management and the distribution of small/static code.
Configures our servers and allows us to be region independent; we have 5 regions across the globe.